Re: [kitten] [Curdle] Diffie-Hellman modulus sizing in Kerberos PKINIT

Robbie Harwood <rharwood@redhat.com> Fri, 06 August 2021 18:23 UTC

From: Robbie Harwood <rharwood@redhat.com>
To: Mark D Baushke <mdb@sonic.net>
Cc: curdle@ietf.org, kitten@ietf.org
In-Reply-To: <A3B7F66E-1724-4D8C-B888-E862D65448DF@sonic.net>
References: <jlgeebfzxe5.fsf@redhat.com> <A3B7F66E-1724-4D8C-B888-E862D65448DF@sonic.net>
Date: Fri, 06 Aug 2021 14:23:26 -0400
Message-ID: <jlgk0ky8map.fsf@redhat.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/X7FX1znomXmZFhlkcSyY-NojKhE>
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>

I have uploaded a -02 that hopefully provides the changes you were
looking for.

I was mistaken earlier about what Heimdal supports: while they test
their DH implementation with many other groups, the built-in support is
limited to 1k and 2k groups.  So I've elected to make minimum size
guidance rather than standardizing the intermediate groups, and limit
the additions to 6k and 8k.

Be well,
--Robbie